Can we trigger an AWS Lambda function from an AWS Glue PySpark job?

Currently I am able to run a Glue PySpark job, but is it possible to call a Lambda function from this Glue job? I am calling the Lambda function with the following code in my PySpark Glue job.

import boto3

lambda_client = boto3.client('lambda', region_name='us-west-2')
response = lambda_client.invoke(FunctionName='test-lambda')

Error:

botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the Invoke operation: User: arn:aws:sts::208244724522:assumed-role/AWSGlueServiceRoleDefault/GlueJobRunnerSession is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:us-west-2:208244724522:function:hw-test

But I added the appropriate Lambda role to my Glue IAM role and still get the above error. Do I need to add any specific role?

Thanks.

To invoke AWS Lambda, you can use the following policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowToExampleFunction",
            "Effect": "Allow",
            "Action": "lambda:InvokeFunction",
            "Resource": "arn:aws:lambda:<region>:<123456789012>:function:<example_function>"
        }
    ]
}

Your roles are not suitable for Lambda invocation, because:

AWSLambdaBasicExecutionRole – Grants permissions only for the Amazon CloudWatch Logs actions to write logs. You can use this policy if your Lambda function does not access any other AWS resources except writing logs.

AWSLambdaVPCAccessExecutionRole – Grants permissions for Amazon Elastic Compute Cloud (Amazon EC2) actions to manage elastic network interfaces (ENIs).

See the documentation about these roles here.
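
Why a logs-only policy leaves `lambda:InvokeFunction` denied while the scoped policy from the answer above allows it for exactly one function, shown as an added example that is not part of the original question or answer. It is a simplified offline evaluation of identity-based policies only; the function names, the sample policies and the region, account and function values filled into the placeholders are constructed assumptions.

```python
import re

def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def _wildcard(pattern, value, flags=0):
    """IAM wildcards: '*' is any run of characters, '?' is exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, flags) is not None

def evaluate(policies, action, resource):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"                      # nothing matched yet
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if {"Condition", "NotAction", "NotResource"} & stmt.keys():
                raise NotImplementedError("element not modelled here")
            # Action names are case-insensitive, resource ARNs are not.
            if not any(_wildcard(a, action, re.IGNORECASE) for a in _as_list(stmt["Action"])):
                continue
            if not any(_wildcard(r, resource) for r in _as_list(stmt["Resource"])):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"              # an explicit deny always wins
            decision = "Allow"
    return decision

# Constructed sample: logs-only permissions, as the answer describes for
# AWSLambdaBasicExecutionRole.
LOGS_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
    "Resource": "*"}]}

# The answer's policy with its placeholders filled by constructed values.
TARGET = "arn:aws:lambda:us-west-2:123456789012:function:example_function"
INVOKE = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AllowToExampleFunction",
    "Effect": "Allow",
    "Action": "lambda:InvokeFunction",
    "Resource": TARGET}]}

if __name__ == "__main__":
    print(evaluate([LOGS_ONLY], "lambda:InvokeFunction", TARGET))          # ImplicitDeny
    print(evaluate([LOGS_ONLY, INVOKE], "lambda:InvokeFunction", TARGET))  # Allow
    print(evaluate([INVOKE], "lambda:InvokeFunction", TARGET + "_other"))  # ImplicitDeny
```

Because the `Resource` names a single function ARN rather than `*`, the job's role gains invoke rights on that function only.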